WEBVTT

00:00.000 --> 00:14.200
This is hacker public radio episode 4,000 and 24 for Thursday the 4th of January 2024.

00:14.200 --> 00:20.320
Today's show is entitled, experiences with graphing us and why I use it.

00:20.320 --> 00:23.600
It is part of the series' privacy and security.

00:23.600 --> 00:28.200
It is hosted by NSTELLO and is about 20 minutes long.

00:28.200 --> 00:30.800
It carries a clean flag.

00:30.800 --> 00:40.000
The summary is, how and why I live with a do-go-gold phone.

00:40.000 --> 00:44.000
Hello there, welcome to Hacker Public Radio.

00:44.000 --> 00:46.200
This is NSTELLO.

00:46.200 --> 00:51.800
Hacker Public Radio is a community driven podcast and currently we're very short of episodes.

00:51.800 --> 00:57.400
So please record your own episode and submit it to the team at hpr.org.

00:57.400 --> 01:00.000
We need contributors.

01:00.000 --> 01:06.040
I want to talk today about my experiences living with a what's called a do-go-gold phone.

01:06.040 --> 01:11.680
It comes really from a willingness on my part to separate myself from the influence of

01:11.680 --> 01:17.080
Google and big technology in general and of course the computer that I've got to hand

01:17.080 --> 01:21.280
at least most often is my phone like many people.

01:21.280 --> 01:26.480
I became uncomfortable with the amount of data that Google and then others I discovered

01:26.560 --> 01:33.720
hold on me when I once delved into the back end of my Google account and discovered a map.

01:33.720 --> 01:39.120
And on that map it basically showed where I'd been over the last two or three years.

01:39.120 --> 01:43.280
Not necessarily to the nearest square foot but certainly pretty close.

01:43.280 --> 01:48.280
It showed every location I'd been to when I'd moved from eight to be how fast I'd

01:48.280 --> 01:52.000
moved from eight to be how I'd been there.

01:52.040 --> 01:58.640
I investigated a bit further and found that data gathering these days is absolutely

01:58.640 --> 02:05.280
everywhere it is insidious it's in everything that we do and it happens all the time whether

02:05.280 --> 02:08.600
or not you know that it's even going on.

02:08.600 --> 02:13.400
And in fact until you do some research and hack you through all the marketing terminology

02:13.400 --> 02:20.080
and preferences that you discover quite how much information is being held on us.

02:20.080 --> 02:27.040
Now that information ranges from geolocation as I mentioned but also now extends to

02:27.040 --> 02:33.200
depending on what browser you use, of course, where you go on the web, how you behave

02:33.200 --> 02:39.440
on any website, what links you click, how long you stay on a particular site, what online

02:39.440 --> 02:45.160
services you use, how those services are interconnected and so on and so forth.

02:45.160 --> 02:52.000
Now the standard line about people taking your data and using it is that it's just use

02:52.000 --> 02:58.880
it for advertising you know I'm strong enough will to be able to ignore any encouragement

02:58.880 --> 03:03.880
for me to buy things so I can just ignore the ads that's fine so it's no skin off

03:03.880 --> 03:04.880
my nose.

03:04.880 --> 03:11.440
However it does actually go a great deal deeper than that advertising or just saying advertising

03:11.440 --> 03:19.680
is a very simplistic notion of where and what data is used for and it's not just Google

03:19.680 --> 03:24.120
of course there are thousands and thousands of other companies like Google trading in

03:24.120 --> 03:25.120
data.

03:25.120 --> 03:30.520
You only have to dive into the terms and conditions of an average smart TV to discover

03:30.520 --> 03:35.360
quite how many companies are mining your data even as you flick through channels.

03:35.360 --> 03:41.400
There are literally thousands of them and all of these companies have one thing in common

03:41.400 --> 03:47.000
and it's that they have one criterion on which they base their decision as to whether

03:47.000 --> 03:53.840
or not they're going to sell data about you and that criterion is does the buyer have

03:53.840 --> 03:59.600
any money and if the answer is yes the buyer is willing to pay for this information

03:59.600 --> 04:05.280
they will sell it and of course that means that data can go more or less anywhere

04:05.280 --> 04:11.520
be used by anyone for any purpose and those purposes may or may not chime with what

04:11.520 --> 04:16.680
you've got in mind as to how you want to live your life for instance it may be that

04:16.680 --> 04:24.080
your data is being used to form a profile about you in order to encourage you or your

04:24.080 --> 04:28.400
children for instance to go and work in the nuclear weapons industry now you may well

04:28.400 --> 04:34.280
already work in the nuclear weapons industry I don't know but personally I'm not wild

04:34.280 --> 04:40.680
about the fact that collector data could be used to influence an election change people's

04:40.680 --> 04:45.800
political opinions who are maybe wavering on the brink of a decision one way or another

04:45.800 --> 04:51.480
created Twitter storm about a particular issue and influence world events one way or

04:51.480 --> 04:58.680
another all of which without our or my say so it's insidious and it's out of our hands

04:58.680 --> 05:05.880
and I don't like it I find misuse of my data not necessarily upsetting but it's troubling

05:06.920 --> 05:13.480
and I guess speaking of emotional issues I don't think that people holding information about

05:13.480 --> 05:19.640
me is necessarily creepy I don't think there's a young man hunched over his laptop at Google

05:19.640 --> 05:24.920
headquarters examining and his stellar life and where he goes and what he spends money on and

05:25.640 --> 05:31.080
what online services he uses I don't think it's really that cuddly or human even to any

05:31.080 --> 05:38.520
extent but it's just this idea of something happening usually without my knowledge by default

05:38.520 --> 05:43.720
without my knowledge at least being sold on to people who have very different ideas about the

05:43.720 --> 05:50.520
world the planet and human existence that are very different from mine now that brings me to the

05:50.520 --> 05:56.600
computer in my back pocket the smartphone I use all day every day if you're at all interested

05:56.600 --> 06:02.600
in data privacy then you need to make some decisions about when you refresh your phone when

06:02.600 --> 06:08.360
you buy a new phone when you update it and what operating system you put on it and there's choices

06:08.360 --> 06:15.080
out there pretty standard as you know you can use an iOS or Apple phone Apple phones tend to send

06:15.080 --> 06:21.000
about 12 to 15 megabytes of data out from the phone every day obviously that's different from any

06:21.560 --> 06:28.360
data usage that you may get involved in you know downloading or streaming information but

06:28.360 --> 06:33.240
there are about 12 to 15 megabytes of data that leave your phone that have got nothing to do

06:33.240 --> 06:40.040
with you making a proactive choice to send data from your phone it goes out anyway that's underneath

06:40.200 --> 06:47.480
the hood Android stock Android is a great deal worse it's between 12 and 20 megabytes a day

06:47.480 --> 06:52.360
of data leaving your phone so geeks out there think okay well we're going to use one of these

06:52.360 --> 06:59.080
Linux variations as a phone operating system and I would say again this is just my experience I've

06:59.080 --> 07:05.720
tried a lot of them and a lot of them are impractical for daily driver use I've tried you be

07:05.720 --> 07:15.880
ports a sailfish e slash OS and lineage for instance and I found that a lot of those especially

07:15.880 --> 07:24.440
the more pure Linux variants make life to inconvenient too many times in the sense that many of the

07:24.440 --> 07:32.040
apps that I have to use in order to get things done something that I'll come on to later simply

07:32.040 --> 07:37.800
don't work can't be installed or protest to such an extent that they're not in their normal

07:37.800 --> 07:45.320
environments that they become unusable now the exception I've found to this is graphing OS which I've

07:45.320 --> 07:53.160
been using now for 14 months and I thought I'd come on there HPR podcast and discuss my use of it

07:53.160 --> 07:58.920
over the last year plus it's often seen as a compromise I don't honestly think that it is

07:59.880 --> 08:06.360
I guess it does fall somewhere in its stance between absolute privacy and absolute openness

08:06.360 --> 08:13.400
in terms of user data I believe also there's CalXOS which I haven't tried so I'll withhold any

08:13.400 --> 08:19.800
opinion I might have about that particular operating system however I found that many of the things

08:19.800 --> 08:25.800
that are absolutely necessary almost mandatory to have to get through daily life not only work

08:25.800 --> 08:34.360
on graphing OS but workers they were designed to do and yet they don't leak data out to anyone

08:34.360 --> 08:40.440
who programs that data leakage into an application or into the operating system in the case of

08:40.440 --> 08:49.240
Android on graphing I'm pretty much able to do all the things that I want to do every day such as

08:50.200 --> 08:58.360
say banking so I can do my accounts I can work with the utilities companies that supply me with

08:58.360 --> 09:06.040
power and water and so on I can contact my doctor I can order a prescription and all these apps

09:06.040 --> 09:12.600
for those things work pretty flawlessly with graphing so the way this works is if you read the

09:12.600 --> 09:17.320
graphing website you'll see that there's an extensive amount of data about how the companies

09:17.320 --> 09:24.520
achieved the balance between operability and usability and privacy graphing OS implements play

09:24.520 --> 09:31.160
services and play services is so well-named so such a cuddly little mama car isn't it it's play

09:31.160 --> 09:36.600
it's it's wistful it's really rather nice but of course play your services are the way

09:37.400 --> 09:44.520
through which Google manages to centralize all information flows and Google users play services

09:44.520 --> 09:49.720
to track and encapsulate your data and the data of the people in the institutions that you

09:49.720 --> 09:59.000
interact with into one place so it can be examined captured and essentially sold in some way now

09:59.000 --> 10:05.160
you can read about this to a much greater depth on the graphing OS website links in the show notes

10:05.160 --> 10:11.080
but graphing OS runs play services but in a sandbox if you like an environment that's something

10:11.080 --> 10:19.240
of a vacuum and the operating system itself in the background intersects any attempts and attempts

10:19.240 --> 10:29.400
to correct for errors any attempts which would otherwise be made by third parties or Google to connect

10:29.400 --> 10:36.920
to your data in some way for instance play services might be complaining that it doesn't have

10:37.000 --> 10:43.480
access to the information that it inverted commas needs but graphing OS will either

10:43.480 --> 10:50.600
reroute those requests for instance for geolocation and satisfy those background play services

10:50.600 --> 10:55.880
that all is well while of course not actually letting any of your data escape.

10:56.760 --> 11:01.720
Now the main advantage of this particular facility is that you can use as I've mentioned

11:02.040 --> 11:10.280
standard banking apps and as I say not atrophy data out onto the internet for others to use.

11:11.560 --> 11:18.520
There's one particular app that I would highly recommend using and there are alternatives for

11:18.520 --> 11:23.720
this alternative apps that will do a similar thing and that's the dot dot go browser.

11:24.600 --> 11:33.240
It contains a setting which stops and helps you track outgoing data from any application.

11:34.040 --> 11:40.440
It will give you a notification as to which applications on your phone are sending out data even when

11:40.440 --> 11:44.760
even when this is what really surprised me even when they're not in use when you haven't run them

11:44.760 --> 11:50.840
for weeks or months those applications are still trying to phone home and give data about it.

11:51.720 --> 11:57.640
Interestingly you wouldn't believe how often they try to do it and who they're trying to send

11:57.640 --> 12:02.920
data to. For instance one of the apps I used to do some of my banking belongs to a bank here

12:02.920 --> 12:11.240
in the UK called the co-operative bank which is one of those banks which has one of the least

12:11.240 --> 12:19.400
morally offensive codes of conduct that's available and yet it's that app of course that tries

12:19.400 --> 12:26.680
in the region of 600 times a day to send information back to a third party in this case it's a

12:26.680 --> 12:33.480
Adobe data collection services. Who and as you can then use that information however they see fit

12:33.480 --> 12:37.960
and however the co-operative bank see fit. Some apps of course you're not particularly surprised

12:37.960 --> 12:43.400
they're trying to find home I've got a little application for instance that was free that checks

12:43.400 --> 12:49.320
lottery numbers for example I downloaded that and that tries to talk to the internet again even

12:49.320 --> 12:55.080
when I'm not using it so that might not surprise you there are some surprises in there the app

12:55.080 --> 12:59.640
that I used to order my prescriptions from the doctor for instance also tries to phone home

12:59.640 --> 13:06.200
very often again even when I'm not using it but with the dot go settings it's app tracker prevents

13:06.200 --> 13:13.080
this happening and willing for me if and when it happens and obviously there are lots of apps there

13:13.080 --> 13:16.840
that will probably do the same kind of thing but this is probably the most obvious one and the

13:16.920 --> 13:24.440
one that will also serve other uses. Gays with that saying of course that graphing OS you can use

13:24.440 --> 13:31.720
F-droid and you should this would be my advice you should if you can use any apps from F-droid

13:32.440 --> 13:39.400
the documentation on the app and it's licensing is a great deal clearer than anywhere else and you

13:39.400 --> 13:44.920
don't have to wait through the play store which does usually contain a great deal of

13:44.920 --> 13:51.640
great deal of craft. Now from a work point of view when I go to work I have to use apps which

13:51.640 --> 13:59.480
are primarily Microsoft so that involves teams and outlook and word and excel a couple of other

13:59.480 --> 14:07.000
things as well. Now graphing OS is very happy to run those applications does it without murmuring

14:07.000 --> 14:13.160
of course when you install outlook it tries to install the ability to remotely wipe your phone

14:13.160 --> 14:19.160
in case your Microsoft systems administrator decides that your phone's been stolen it can send

14:19.160 --> 14:29.560
signals to the OS to wipe the phone the graphing sandbox simply says yes okay whatever and

14:29.560 --> 14:37.480
belays those particular instructions but the end result is that apps like teams and outlook work

14:37.560 --> 14:47.000
very well you can also use standard mapping or maps apps Google Maps for instance works fine

14:47.000 --> 14:53.640
if you want to use that out and street maps is obviously works great graphing seems to run the

14:53.640 --> 15:01.000
various messaging platforms that I use without hitch at all and things that are aspects of daily

15:01.000 --> 15:07.400
life that you need web browsers of any flavor all run absolutely fine I'm tested Chrome

15:07.400 --> 15:14.920
interesting enough but I assume that works should you be that way inclined and there is as well

15:15.560 --> 15:22.120
from FDroid a couple of apps that will replace find my phone or wipe my phone remotely those two

15:22.120 --> 15:29.800
things do exist you don't have to rely on Google for those things like travel apps for the

15:29.800 --> 15:37.480
train for the local buses that all works fine I've even run being copilot on the phone or

15:37.480 --> 15:44.360
works very nicely and again I'm pretty sure at least I've taken all the steps I think I can

15:44.360 --> 15:49.880
that none of these applications are phoning home in fact they're they're working in the way that

15:49.880 --> 15:56.360
software I sound old now but they're working in the way that software always used to you get an

15:56.360 --> 16:02.920
application you install it it's your software it's on your phone and it works the way that you

16:02.920 --> 16:07.720
want it to and doesn't do anything quietly under the hood to try and cash in on the fact that

16:07.720 --> 16:16.120
you're having the tenacity and the tenacity to use that application the one downside I have heard

16:16.120 --> 16:23.640
it's not something I've experienced particularly but one aspect is that Google Play services does

16:23.640 --> 16:32.600
aggregate messaging apps and app push notifications it aggregates those and sends them all in one

16:32.600 --> 16:40.280
hit as it were to a phone and that therefore lowers the amount of data that you might use up

16:40.280 --> 16:47.640
of your carrier's data plan it's not something that I've experienced a problem with I probably get

16:47.640 --> 16:55.000
through maybe 40 to 50% of the battery in a day in an 18 hour day of fairly I won't say

16:55.000 --> 17:01.640
heavy use but you know normal phone use I don't use my phone all the time but I do use it very often

17:01.640 --> 17:08.680
and I've not really noticed any any hit from power one thing I haven't tried at all is Google

17:08.680 --> 17:14.680
Play which is where you put your credit card details or your debit card details into your phone

17:14.680 --> 17:22.360
and you can then use NFC on your phone to pay for things in shops and the like I just use my

17:22.360 --> 17:28.920
old plastic plastic cards for my wallet I'd be very interested to find out whether that works

17:28.920 --> 17:35.400
smoothly or not I guess there are a couple of other tiny paper cuts and they're nothing really

17:35.480 --> 17:45.160
I've got one app that wants to display a membership card for the gym that I go to and every time

17:45.160 --> 17:49.240
I bring up the membership card it complains it hasn't got enough access because it wants to

17:49.240 --> 17:53.800
redraw the screen to a different size I think that's probably about the only thing that's

17:53.800 --> 17:59.720
an irritation so in conclusion I would say if you are a tall interested in privacy

17:59.800 --> 18:08.120
that I would recommend graphing OS as I say a calyx OS is if you like a very similar operating

18:08.120 --> 18:14.280
system one I haven't tried yet I've been running graphing for 14 months and I think it's great

18:14.280 --> 18:21.960
the irony of course is that both calyx OS and graphing OS only run on pixel phones and of course

18:22.040 --> 18:30.120
the maker of pixel phones is calyx before I sign off and put back on my tin foil hat

18:30.120 --> 18:34.760
which obviously had to take off for the purposes of this podcast because the rustling of the

18:34.760 --> 18:41.080
aluminium foil does tend to come through on the audio I think it's a general point that's well

18:41.080 --> 18:50.600
worth making as internet users we have constructed this situation in which we give away our data we

18:50.680 --> 18:57.000
made that situation between us and therefore this isn't something that's out of our control

18:57.000 --> 19:03.480
we're not powerless in the face of data gathering on a huge scale it can be dismantled

19:04.040 --> 19:13.240
and the only way it will be ever dismantled is if we wanted a time and hopefully all of us eventually

19:13.240 --> 19:21.960
stop giving away our data for free we helped build this structure that I personally don't like

19:21.960 --> 19:27.880
and so therefore we're responsible for that but we can also be responsible for dismantling

19:27.880 --> 19:33.640
that structure as well I think the best analogy for data privacy is that if you were to imagine

19:33.640 --> 19:40.120
every word that you uttered out loud could be used by other people that you've never met without

19:40.200 --> 19:46.440
your permission because everything that you said had value but other people could use what you said

19:46.440 --> 19:51.400
for whatever reason they wanted for whatever purposes they wanted whether or not you agreed with them

19:51.400 --> 19:57.080
using your words and what you said out loud they could just go right ahead and they could make

19:57.080 --> 20:02.440
money out of it as well as long as the people willing to buy that information had a few dollars

20:02.440 --> 20:07.960
in their back pocket you'd probably start watching what you said and where you said it and who you said

20:08.840 --> 20:14.920
I think Edward Snowden and I'm going to mangle the quote really said something like saying you

20:14.920 --> 20:20.600
don't care about data privacy because you've got nothing to hide is like saying you don't care

20:20.600 --> 20:26.600
about free speech because you've got nothing to say data in my opinion is much the same as speech

20:27.240 --> 20:34.440
free speech and with that I'll sign off this has been hack a public radio I'm Anna Stella thank you for

20:35.320 --> 20:42.600
listening you have been listening to hack a public radio that hack a public radio does work

20:42.600 --> 20:49.560
today show was contributed by a HBO artist like yourself if you ever thought of recording podcast

20:49.560 --> 20:56.520
and click on our own tribute link to find out how easy it means hosting for HBO has been kindly

20:56.520 --> 21:04.440
provided by an onsthost.com internet archive and our synced.net on the satellite stages

21:04.440 --> 21:11.400
today show is released on our creative comments attribution for pointo international license